How to recognize and avoid cyber scams in your industry


Stay ahead of rising scams with smarter cybersecurity
As of 2022, more than 595 million adults worldwide have experienced cyber scams. Since then, this number has continued to grow for individuals and businesses alike. While hackers mostly attacked large organizations in the past, they recently shifted gears to target smaller businesses. Why? Owners and managers of small and medium-sized businesses often present easier targets due to leaner IT teams, fewer security tools and lower levels of investment in employee awareness training.
While focus has spread to include SMBs, organizations of all sizes are struggling to grapple with the cybersecurity problem. Among the many growing threats, phishing scams rank as one of the most prevalent scams that companies face, and they are only getting worse. Gen experts found a 465.8% increase in attacks from Q4 2024 to Q1 2025.
However, findings also confirm that there are effective ways for organizations to reduce or avoid online scams. These include implementing cybersecurity best practices, leveraging AI-powered defense tools and investing in security awareness training.
How to recognize phishing scams before damage occurs
There are two good reasons that phishing scams are on the rise. The first is that phishing provides a gateway for almost every other type of scam, such as ransomware and data leaks. The second is that hackers have found it’s much easier to compromise people than systems. Breaching systems requires more technical skills enhanced by the best AI tools, while targeting people requires communication skills enhanced by basic LLMs.
Tips for identifying phishing scams
Companies must rely on systems that can detect cyber scams and teach workers — and even customers — how to identify and respond to these attempts. The Consumer Financial Protection Bureau offers some excellent advice to spot red flags in emails, text, chat, social media DMs or calls:
- Claiming to come from a trusted source (e.g. bank, government, family member) but pressuring you to pay or send money
- Asking you to pay upfront fees or taxes to receive a reward or prize (e.g. the lottery scam)
- Requests for payments through unusual or risky channels (e.g. crypto, prepaid gift cards or payment apps)
- High-pressure attacks that try to get you to act quickly to get a once-in-a-lifetime or limited deal
- Any other form of emotional manipulation that uses urgency or fear to override careful decision-making
Cybercriminals rely on psychology by exploiting emotions that cause people to act quickly or take risks. Scammers prey on fear, desire to protect loved ones or even greed. They may also weaponize the trust people have in established sources, such as family members, employers or charitable organizations. Sadly, the impact of broken trust can create ripple effects throughout society.
How to protect your business from online scams
Protecting against phishing, AI scams and other forms of cyber fraud requires a multi-layered approach. Companies that focus exclusively on tools or people will ultimately leave gaps that hackers may exploit to gain unauthorized access.
Secure your human resources
Roughly 95% of security breaches stem from human error. Consequently, companies must place the greatest investment for phishing scam prevention in their human assets. Reinforce a blameless culture so employees escalate quickly instead of hesitating or trying to fix the problem themselves.
You should also provide employee security awareness training. However, consider skipping the type of automated training with screens that people simply click through to complete. Instead, conduct red team exercises and create teachable moments from the experience.
Follow governance best practices
Creating and enforcing written policies can help organizations streamline the administrative aspects of avoiding online scams. Every organization should have playbooks that cover:
- Notifying the IT or security team about potential scams
- Investigating those scams and the procedures to follow
- Containing the threat and the steps to follow
- Notifying regulators or partners and the order of priority
Keep policies simple and easy to follow, and use technology to enforce them whenever possible. For example, make it impossible to hit the payment button until a second person has reviewed an invoice request.
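The two-person payment rule described above can be enforced in code rather than by policy alone. The sketch below is an added example, not taken from any Gen product; the class, field and account names are hypothetical, and it goes one step beyond the text by voiding approvals when bank details change after review.

```python
from dataclasses import dataclass, field


class ApprovalError(Exception):
    """Raised when a payment action violates the two-person rule."""


@dataclass
class InvoiceRequest:
    invoice_id: str
    payee: str
    bank_account: str
    amount_cents: int
    requested_by: str
    approvals: set = field(default_factory=set)
    paid: bool = False

    def approve(self, reviewer: str) -> None:
        # The requester never counts as the second person.
        if reviewer == self.requested_by:
            raise ApprovalError("requester cannot approve their own invoice")
        self.approvals.add(reviewer)

    def change_bank_account(self, new_account: str, changed_by: str) -> None:
        # New payment details void earlier approvals; the changer cannot approve.
        self.bank_account = new_account
        self.requested_by = changed_by
        self.approvals.clear()

    def pay(self) -> str:
        if self.paid:
            raise ApprovalError("invoice already paid")
        # The "payment button" stays locked until a second person reviewed.
        if not self.approvals:
            raise ApprovalError("second-person review required before payment")
        self.paid = True
        return f"released {self.amount_cents} cents to {self.bank_account}"


def demo() -> str:
    # Constructed sample; names and account numbers are made up.
    inv = InvoiceRequest("INV-1001", "Example Supplier", "ACCT-111", 1250000, "alice")
    inv.approve("bob")
    inv.change_bank_account("ACCT-999", "alice")  # details changed after review
    try:
        inv.pay()
    except ApprovalError as exc:
        return str(exc)
    return "paid"
```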
Apply technical controls
This is the area where most organizations invest their time. However, too many CISOs choose and implement tools in isolation. Technical controls must complement the human and governance layers of your security plans:
- Multi‑factor authentication (MFA): Not only does this make it more difficult for hackers to log in with stolen credentials, but it also makes it inconvenient for employees to share passwords.
- Scam Detector: Norton Genie uses AI to analyze texts, emails and social messages in real time. Employees can paste suspicious content into the tool and get an instant assessment. This reduces the likelihood of falling for cyber scams.
- Antivirus and advanced protection: Avast provides continuous malware scanning, phishing site blocking and Wi‑Fi network inspection. It helps to catch malicious attachments and dangerous downloads before they cause harm.
- Device and browser protection: Norton blocks unsafe sites, detects fraudulent pop‑ups and stops exploit attempts at the browser and operating‑system level. It adds another layer beyond email filtering.
- Secrets and password management: Use enterprise password managers and rotate service credentials regularly to reduce reuse and shadow spreadsheets.
- Threat intelligence: Avast draws on one of the world’s largest threat‑detection networks to identify new scam tactics quickly and distribute protections to all endpoints.
- Identity monitoring: Norton LifeLock Benefits Solutions alerts employees or customers if their Social Security number, financial accounts or personal details show up on the dark web. This provides early warning and recovery support if a scam leads to identity theft.
- Remediation services: Norton LifeLock Benefits Solutions specialists also offer hands-on assistance to guide cybercrime victims through account recovery, credit freezes and fraud resolution.
Secure the physical environment
There’s a lot of finger-pointing at remote work as a source of risk, but breaches happen in person, too. Enforce badge access and watch for tailgating. Additionally, secure shared spaces like printers and mailrooms where people might find and steal sensitive documents. Lock screens, label and inventory devices and follow secure disposal procedures for drives and SIMs to prevent data theft that later fuels social engineering.
How to respond to potential cyber scams
When a suspected scam occurs, a fast response can make a world of difference. However, speed often depends on whether the affected person recognizes the urgency, knows what to do and can find relevant information quickly. Information availability and security awareness are areas for optimization that your security team must prioritize before incidents ever occur.
Corporate level
When an organization suspects a scam or compromise, the first priority is containment:
- Disable affected accounts.
- Revoke tokens and isolate compromised systems.
- Preserve evidence by saving email headers, logs and suspicious files before wiping or restoring devices.
- Document every action with timestamps to support investigations.
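One way to combine the last two steps, preserving evidence and documenting each action with a timestamp, is an append-only incident log. This is an added example, not part of the original article; the hash chaining is an assumption beyond what the text asks for, and the function names and sample incident are constructed.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64


def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record_action(log, actor, action, evidence=None):
    """Append a UTC-timestamped entry; evidence maps name -> raw bytes."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "action": action,
        # Hash each preserved artifact so later copies can be compared.
        "evidence_sha256": {n: hashlib.sha256(d).hexdigest()
                            for n, d in (evidence or {}).items()},
        # Chain to the previous entry so edits and deletions are detectable.
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return the index of the first entry that fails to verify, or -1."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["entry_hash"] != _digest(entry):
            return i
        prev = entry["entry_hash"]
    return -1


def sample_log():
    # Constructed incident; the header text and names are made up.
    headers = b"From: billing@supplier.example\r\nSubject: Updated bank details\r\n"
    log = []
    record_action(log, "analyst1", "saved raw email headers", {"headers.txt": headers})
    record_action(log, "analyst1", "disabled account jdoe")
    record_action(log, "analyst2", "revoked session tokens for jdoe")
    return log
```

The chain only proves integrity if the latest `entry_hash` is also recorded somewhere the responders cannot rewrite, such as a ticket or a message to counsel.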
At this stage, companies may also have legal obligations. Financial institutions, health care providers and companies in other regulated industries must notify regulators and sometimes customers when certain types of data are exposed.
Employee level
Employees who think they’ve interacted with a scammer should immediately report the incident through official channels so that the response team can act quickly. Organizations should also have a playbook in place for them to follow, such as:
- Resetting their passwords
- Enabling MFA on all critical accounts
- Restricting use of the affected device until IT clears it
Customer level
When customers or partners are affected, speed and transparency matter here too. Notify them quickly with clear instructions, such as resetting passwords, verifying recent activity or watching for follow‑on phishing attempts.
Additionally, provide access to support, such as identity monitoring or remediation services. Businesses should also report the scam to law enforcement agencies like IC3 to help with broader investigations and possible recovery of stolen funds.
Your business might be more vulnerable than you think
No business is 100% safe from online scams, regardless of your size or reputation. Even the world’s most sophisticated companies have been fooled. A Lithuanian fraudster impersonated a real hardware supplier and tricked tech giants into wiring over $120 million using forged invoices and email look-alikes. He later pled guilty and was sentenced in the United States to five years in prison.
Today, AI-assisted tools also make it easier to hack both systems and people. They can instantly crack numeric, eight-character passwords and impersonate beloved grandchildren or trusted community leaders. Remote work and reliance on vendors can also introduce risks, but even companies with centralized distribution chains and in-person staff can suffer breaches.
Industries facing the highest risks of cyber scams
Some companies face far greater risks than others, not due to any fault of their own, but because of their industries. They are both highly regulated by government agencies and highly sought after by hackers — usually for the same reason. These organizations process highly sensitive data or may provide access to critical infrastructure.
Financial services
Gen’s Q1/2025 snapshot highlights a surge in phishing and personal-data exposure. Payment flows, wire transfers, consumer PII/PCI and high-value accounts are irresistible to hacking groups. Trends include business email compromise, invoice manipulation, deepfake CEO/CFO voice calls and urgent invoices timed to quarter-end pressure.
Insurance
Carriers and brokers hold rich identity datasets (SSNs, claims, medical and property details) that enable takeovers, synthetic identities and policy-payout fraud. Scammers use this information to create even more convincing communications or to get assets, services and credit based on stolen personal identities and insider business information.
Telecommunications providers
Telecom providers sit at the center of account access (SIM swaps, number ports, one-time codes). Attackers phish employees and customers to facilitate account takeovers, then pivot to bank or cloud accounts. Gen’s Q1 2025 report found that mobile-centric fraud and phishing growth are key ingredients for telco-enabled attacks.
Build a multi-layered defense plan for your organization
Every organization needs a layered plan to protect against and respond to the growing threat of cyber scams. Effective plans include coordination across multiple layers, such as people, governance, tools and physical security. Customers — especially in financial services, insurance and telecommunications — benefit from added checks and clear communication when risks arise.
Gen can reinforce these efforts. Norton and Avast are some of our consumer brands that help block scams, detect new threats and support identity recovery. Businesses can partner with us to provide these tools as employee benefits, while regulated industries can extend protection to customers for greater trust.
Investing in tools and knowing how to avoid cyber scams is just the first step. The next is vigilance. Building a culture that prioritizes security awareness and proactive defense makes scams less effective and less costly.
Are you ready to transform the way you protect your organization from online scams? Schedule a call today to learn how Gen can help protect your employees and customers.